BACKGROUND OF THE INVENTION
I. Field of the Invention

The present invention generally relates to a portable electronic
device, and a method for issuing the device. More particularly, the
present invention relates to a device and method for achieving high
security during application operation and high efficiency while being
issued.

II. Background and Material Information

A portable electronic device such as an IC card prevents an
unauthorized third person from reading or rewriting data stored in an
internal memory, or writing new data into the internal memory, by means
of a security function realized by, for example, a personal
identification number (PIN) code and by encoding data to be transmitted
to or from a card reader/writer.

An IC card needs to be written with specific data necessary for
operation of each application. For example, an IC card may require entry
of an owner's PIN code and cryptographic key for an application so that
the IC card can become usable for the application. This process of
writing the specific data into the IC card is called "issuance." An issuer
usually issues a large number of IC cards with specific data at a time.
Each issued IC card requires satisfaction of the security function except
for the owner's PIN code. Therefore, because a preparatory process such
as a data encoding process must occur before the issuing process, this
preparatory process makes issuing the card inefficient.

Therefore, a mechanism is demanded in which (1) an unissued IC card
can be written with the specific data without satisfying the security
function and (2) the security function becomes valid after the issuance,
so that each IC card requires satisfaction of the security function for
data writing or data rewriting. That is, an IC card that achieves high
security during application operation and high efficiency during
issuance is demanded.

SUMMARY OF THE INVENTION 
In view of the foregoing, the present invention solves the inherent
limitations of existing issuing systems by use of a specific application
program and a method for issuing the device that substantially obviates
one or more of the problems due to limitations and disadvantages of the
past approaches.

In accordance with an aspect of the present invention, as embodied
and broadly described, the present invention is directed to a portable
electronic device. The device comprises means for executing a security
function against unauthorized use, the security function being validated
by a command received from outside the device, means for storing data
necessary to use the application program, and means for storing data
indicating whether the security function is valid based on the command.

Also in accordance with another aspect of the present invention,
there is provided a portable electronic device. The device comprises a
nonvolatile memory, means for storing validity data indicating whether
the security function is valid into the nonvolatile memory, wherein the
validity data is received as a command message from the outside of the
device, first means for determining whether a command message
provided from outside the device includes data for the security function,
second means for determining whether the nonvolatile memory is stored
with the validity data, and first means for writing or rewriting data into
the nonvolatile memory following the command message, when the first
determining means determines the command message does not include
the data for the security function, and the second determining means
determines the nonvolatile memory not to be stored with the validity
data.

In accordance with another aspect of the present invention, there is
provided a method for issuing a portable electronic device. The method
comprises providing a security function against unauthorized use into the
device, storing in the device data necessary to use the application
program, and validating the security function by issuing a command after
storing said data. The security function is validated by the command
received from outside the device.

It is to be understood that both the foregoing general description
and the following detailed description are exemplary and explanatory
only and are not restrictive of the invention, as claimed. Further features
and/or variations may be provided in addition to those set forth herein.
For example, the present invention may be directed to various
combinations and subcombinations of the disclosed features and/or
combinations and subcombinations of several further features disclosed
below in the detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS 
The accompanying drawings, which are incorporated in and
constitute a part of this specification, illustrate various embodiments
and/or features of the invention and together with the description, serve
to explain the principles of the invention. In the drawings:

FIG. 1 is an exemplary block diagram depicting the configuration of
an IC card processing apparatus 100 according to the principles of the
present invention;

FIG. 2 is an exemplary block diagram depicting the function of IC
card 102;

FIG. 3 is an exemplary block diagram depicting the configuration
of IC module 300;

FIG. 4 is a diagram depicting a mapping example in data memory
304 after the issuance;

FIG. 5 is a diagram depicting an example of DF definition
information;

FIG. 6 is a diagram depicting an example of EF definition
information generated subordinately to a DF definition information;

FIGs. 7(a)-(d) are diagrams depicting writing or rewriting
command message format examples;

FIG. 8 is a diagram depicting a message format example of a
command that validates security flag 510;

FIG. 9 is an exemplary flowchart depicting a process for validating
security flag 510 of the DF definition information; and

FIG. 10 is an exemplary flowchart depicting a process generated by
a command message for writing or rewriting.

DETAILED DESCRIPTION
The various aspects and features of the present invention will be
hereinafter described with reference to the accompanying drawings.

FIG. 1 is an exemplary block diagram depicting the configuration of
an IC card processing apparatus 100 according to the principles of the
present invention. IC card processing apparatus 100 communicates with
an IC card 102. IC card processing apparatus 100 comprises a computer
104 which generally controls IC card processing apparatus 100. IC card
102 and computer 104 communicate with each other using a card
reader/writer 106. For example, IC card 102 and computer 104 may be
physically connected, or connected without physical contact, such as
via an antenna.

IC card processing apparatus 100 also comprises a keyboard 108 for
inputting a command and data, a cathode ray tube (CRT) display 110 for
displaying data, a printer 112 for printing data, and a floppy disk drive
(FDD) 114 for storing data, all of which are connected to computer 106.

FIG. 2 is an exemplary block diagram depicting the function of IC
card 102.

IC card 102 comprises a reading/writing unit 200, a PIN
setting/collating unit 202, an encoding/decoding unit 204, and a
supervisor 206. Supervisor 206 controls various functions executed by
units 200, 202, and 204.

The functions of units 200, 202, and 204 are now further described.

Reading/writing unit 200 reads data from and writes data into a data
memory 302 (further described below) and a program memory 304
(further described below) with specific commands or specific data
provided by computer 104 via card reader/writer 106.

PIN setting/collating unit 202 sets an owner's PIN code in data
memory 302 when an IC card is issued, replaces the PIN code when
requested by the owner, and collates a PIN code provided by computer
104 in comparison with the set PIN code when the IC card is used.

Encoding/decoding unit 204 encodes data provided by IC card 102
to computer 104, and decodes encoded data provided from computer 104
to IC card 102.

Supervisor 206 receives a command (and data) from card
reader/writer 106, interprets that command, and instructs units 200, 202,
and 204 to execute various functions, such as read, write, encode, or
decode.

FIG. 3 is an exemplary block diagram depicting the configuration
of IC module 300.

IC module 300 comprises a CPU 302, a data memory 304, a program
memory 306, and a contact unit 308. CPU 302 controls IC module 300.
Data memory 304 is a nonvolatile memory for storing various data, such
as an EEPROM. Program memory 306 is a mask ROM printed with a
control program. A mask ROM is a ROM chip printed with data for a
program when produced. Contact unit 308 is an interface between IC 310
and card reader/writer 106.

An IC 310 contains CPU 302, data memory 304, and program
memory 306. IC module 300 is composed of contact unit 308 and IC 310
connected with contact unit 308. IC card 102 is formed with IC module
300 and a plastic card (not shown) for packing IC module 300.

FIG. 4 is a diagram depicting a mapping example in data memory
304 after the issuance.

Data memory 304 comprises a system area 400, a dedicated file
(DF) / elementary file (EF) definition area 402, and a data area 404.

System area 400 stores fixed data and initial values of variable data,
both of which are necessary to use IC card 102. Both data are stored in
system area 400 before the issuance.

DF/EF definition area 402 stores both DF definition information
and EF definition information. DF definition information defines an
application, and EF definition information defines data to be used for the
application. In FIG. 4, two pieces of EF definition information, EF1-1
and EF1-2, are given respective EF identifiers "EF1" and "EF2." The
information is stored in DF/EF definition information area 402
correspondingly to DF definition information named "DF1."

DF/EF definition area 402 also comprises an unused area for
storing DF definition information and EF definition information. This
information is added when IC card 102 is additionally issued regarding a
new application, or when new data is additionally written into a current
application.

Data area 404 stores data and CPU 302 manages the stored data
using EF definition information. Data area 404 also stores one or more
programs for each application. Each application is managed on the basis
of DF definition information so that validity or invalidity of the security
function of an application can be set separately among applications.

FIG. 5 is a diagram depicting an example of DF definition
information.

DF definition information comprises a DF name 500, DF size
information 502, security format information 504, and a security flag 506.
Every DF has a unique DF name 500 by which CPU 302 looks up a
corresponding DF. DF size information 502 is an area in data memory
304 which both a DF and EFs subordinate to the DF can use. When a new
EF is added subordinately to a DF, the size of the new EF is subtracted
from the size stored in DF size information. Security format information
504 stores information regarding message formats of writing or rewriting
commands to be executed under a DF.

Security flag 506 is set while security of an application is valid.
When security flag 506 is set, only a writing or rewriting command
having the same message format as designated by the corresponding
security format information 504 is accepted; a writing or rewriting
command having any other format is refused.

FIG. 6 is a diagram depicting an example of EF definition
information generated subordinately to a DF definition information.

EF definition information comprises DF information 600, an EF
identifier 602, address information 604, EF size information 606, and EF
format information 608.

DF information 600 indicates a dominant DF to an EF. Every EF
has a unique EF identifier 602 by which control element 302 looks up a
corresponding EF. Address information 604 stores an address in a data
area managed on the basis of a corresponding EF definition information.
EF size information 606 indicates the size of a data area managed on the
basis of a corresponding EF definition information. EF format
information 608 stores information regarding the structure of an EF
definition information. The International Organization for
Standardization (ISO) provides a record structure EF and a transparent
structure EF in ISO 7816-4. More information on ISO 7816-4 may be
found in: International Organization for Standardization, "International
Standard ISO/IEC 7816: Integrated circuit(s) cards with contacts."

FIGs. 7(a)-(d) are diagrams depicting writing or rewriting
command message format examples.

As shown in FIG. 7(a), a format #1 is a basic command of writing or
rewriting. The format #1 comprises a command header area and a data
area. The command header indicates whether the command is a writing
command or a rewriting command. The data area comprises data to be
written or rewritten to data memory 304. The format #1 is accepted when
security flag 506 is not valid.

On the other hand, formats #2-#4, respectively shown in FIGs.
7(b)-(d), are accepted when security flag 506 is valid.

As shown in FIG. 7(b), a format #2 comprises an encoded data area
to conceal data. In this case, security verification is carried out through
decoding of the encoded data.

As shown in FIG. 7(c), a format #3 comprises a spare data area to
realize justifiability of data. In this case, security verification is carried
out by determining the justifiability of the spare data.

As shown in FIG. 7(d), a format #4 comprises an encoded data area
and a spare data area to realize concealment and justifiability of data. In
this case, security verification is carried out judging from encoding
results and justifiability of the spare data.

The formats #2-#4 are designated correspondingly to each DF by
security format information 504.

FIG. 8 is a diagram depicting a message format example of a
command that validates security flag 510.

The command is composed of a single command header area.
Immediately after an execution of the command, security flag 510 of the
DF definition information is validated.

FIG. 9 is an exemplary flowchart depicting a process for validating
security flag 510 of the DF definition information.

Computer 104 sends a command message to CPU 302 via card
reader/writer 106 and contact unit 306 to validate security flag 510
(shown in FIG. 6). Next, CPU 302 receives the command message (step
S1). CPU 302 collates the format type of the command message. That is,
CPU 302 determines whether the received command message is a
command message for validating security flag 510 (step S2). When CPU
302 determines that the command message is a command message to
validate security flag 510, CPU 302 validates security flag 510 which is
included in a DF definition information under current processing,
hereinafter referred to as the 'current DF' (step S3).

FIG. 10 is an exemplary flowchart depicting a process generated by
a command message for writing or rewriting.

Computer 104 sends a command message for writing or rewriting
(shown in FIG. 7(a)-(d)) to CPU 302 via card reader/writer 108 and
contact unit 306. Next, CPU 302 receives the command message (step T1).
CPU 302 collates the format type of the command message. CPU 302
then determines whether the type of the command message is the format
#1 type (step T2). If the message is format #1, CPU 302 determines
whether security flag 510 regarding a current DF definition information
is validated (step T3). When the security flag 510 is determined not yet
to be validated, CPU 302 writes or rewrites as designated by command
header area 800 (step T4).

Therefore, an unissued IC card can be written or rewritten with data
for application operation without satisfying the security function and
accordingly issuance becomes highly efficient.

When the security flag 510 is determined to be already validated in
step T3, CPU 302 sends a reply status indicating "the format type of the
received command message is not acceptable." to computer 104 (step T5).
Thus format #1 will be refused when security flag 510 is validated.

When CPU 302 determines the format type of the command message
not to be the format #1 (step T2), CPU 302 writes or rewrites data
designated by security format information 504 in the current DF
definition information using the received command message (step T6).

CPU 302 then determines whether the command message can pass
the verification by the security function (step T7). When the command
message passes the verification, CPU 302 writes or rewrites data
designated in command header area (step T4).

When the command message cannot pass the verification, CPU 302
sends a reply status indicating "the received command message is not
acceptable" to computer 104 (step T8).
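
The decision flow of FIG. 10, together with the validation command of FIG. 9, modelled in C as an added example that is not code from this specification. The struct layout, status names, the handling of a format other than the designated one, the reading of step T6 as a decode step, and the toy XOR encoding and checksum are all assumptions; the specification names no encoding or verification algorithm.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the FIG. 9 / FIG. 10 flow. All names, status codes and
   the toy XOR/checksum primitives are assumptions, not taken from the page. */
enum fmt { FMT1_PLAIN = 1, FMT2_ENCODED, FMT3_SPARE, FMT4_ENCODED_SPARE };
enum status { ST_OK, ST_FORMAT_NOT_ACCEPTABLE, ST_MESSAGE_NOT_ACCEPTABLE };
#define EF_SIZE 8

struct df_def {               /* DF definition information (FIG. 5) */
    uint8_t security_format;  /* which of formats #2-#4 this DF designates */
    uint8_t security_flag;    /* 0 = unissued, 1 = security function valid */
    uint8_t key;              /* toy per-application key (assumption) */
    uint8_t ef[EF_SIZE];      /* data area managed under this DF */
};
struct write_cmd {
    enum fmt format;
    uint8_t len;
    uint8_t data[EF_SIZE];    /* plain or encoded payload */
    uint8_t spare;            /* spare data: check value over the plaintext */
};

/* Toy stand-ins for encoding and spare-data checking. Not real cryptography. */
static void toy_code(uint8_t *buf, uint8_t len, uint8_t key) {
    for (uint8_t i = 0; i < len; i++) buf[i] ^= key;   /* XOR is its own inverse */
}
static uint8_t toy_check(const uint8_t *buf, uint8_t len, uint8_t key) {
    uint8_t c = key;
    for (uint8_t i = 0; i < len; i++) c = (uint8_t)(((c << 1) | (c >> 7)) ^ buf[i]);
    return c;
}

/* FIG. 9, step S3: the validation command sets the flag of the current DF. */
void validate_security(struct df_def *df) { df->security_flag = 1; }

/* FIG. 10, steps T2-T8. Nothing is written unless every check passes. */
enum status handle_write(struct df_def *df, const struct write_cmd *cmd) {
    uint8_t plain[EF_SIZE];
    if (cmd->len > EF_SIZE) return ST_MESSAGE_NOT_ACCEPTABLE; /* added bounds check */
    memcpy(plain, cmd->data, cmd->len);
    if (cmd->format == FMT1_PLAIN) {                    /* T2: format #1? */
        if (df->security_flag)                          /* T3: flag validated? */
            return ST_FORMAT_NOT_ACCEPTABLE;            /* T5 */
    } else {
        /* Assumption: a format other than the designated one fails verification. */
        if (cmd->format != df->security_format) return ST_MESSAGE_NOT_ACCEPTABLE;
        if (cmd->format != FMT3_SPARE)
            toy_code(plain, cmd->len, df->key);         /* T6, modelled as decode */
        if (cmd->format != FMT2_ENCODED &&
            toy_check(plain, cmd->len, df->key) != cmd->spare)
            return ST_MESSAGE_NOT_ACCEPTABLE;           /* T7 failed -> T8 */
    }
    memcpy(df->ef, plain, cmd->len);                    /* T4: write or rewrite */
    return ST_OK;
}

/* Issuer-side helper: build a format #4 command for a plaintext. */
struct write_cmd make_fmt4(const uint8_t *pt, uint8_t len, uint8_t key) {
    struct write_cmd c = { FMT4_ENCODED_SPARE, 0, {0}, 0 };
    c.len = len > EF_SIZE ? EF_SIZE : len;
    memcpy(c.data, pt, c.len);
    c.spare = toy_check(c.data, c.len, key);
    toy_code(c.data, c.len, key);
    return c;
}

int main(void) {
    struct df_def df = { FMT4_ENCODED_SPARE, 0, 0x5A, {0} };   /* constructed DF */
    struct write_cmd plain = { FMT1_PLAIN, 4, { '1', '2', '3', '4' }, 0 };
    printf("issuance, format #1:   %d\n", handle_write(&df, &plain));
    validate_security(&df);
    printf("issued, format #1:     %d\n", handle_write(&df, &plain));
    struct write_cmd sec = make_fmt4((const uint8_t *)"9876", 4, df.key);
    printf("issued, format #4:     %d\n", handle_write(&df, &sec));
    sec.data[0] ^= 1;                                   /* tamper in transit */
    printf("issued, tampered #4:   %d\n", handle_write(&df, &sec));
    return 0;
}
```

With the XOR stand-in, format #2 on its own cannot detect an altered payload, because decoding always succeeds; the specification does not say how a decoding failure is recognized.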

As described above, consistent with the principles of the present
invention, an unissued IC card can be written with the specific data
without satisfying the security function, and the security function
becomes valid after the issuance, so that each IC card requires
satisfaction of the security function for data writing or data rewriting.
That is, the invention provides a mechanism by which an IC card achieves
high security during application operation and high efficiency during
issuance.

Other embodiments of the present invention will be apparent to
those skilled in the art from consideration of the specification and
practice of the invention disclosed herein. It is intended that the
specification and examples be considered as exemplary only, with a true
scope and spirit of the present invention being indicated by the following
claims.

WHAT IS CLAIMED IS:

1. A method for issuing a portable electronic device containing
an application program, comprising the steps of:

providing a security function against unauthorized use into the
device, wherein the security function is validated by a command received
from outside the device;

storing in the device data necessary to use the application program;
and

validating the security function by issuing the command after
storing said data.

2. The method of claim 1, wherein storing said data includes the
step of:

storing a PIN code used to identify the owner of the device.

3. The method of claim 1, wherein:

said providing a security function comprises providing a plurality
of security functions different from each other depending on
corresponding application programs; and

said storing data comprises storing a cryptographic key used to
identify a corresponding application program.

4. A portable electronic device containing an application
program, comprising:

means for executing a security function against unauthorized use,
the security function is validated by a command received from outside
the device;

means for storing data necessary to use the application program;
and

means for storing data indicating whether the security function is
valid based on the command.

5. The device of claim 4, wherein:

said data necessary to use the application program is a PIN code
used to identify the owner of the device.

6. The device of claim 4, wherein:

said security function executing means executes a plurality of
security functions different from each other depending on corresponding
application programs; and

said data necessary to use the application program is a
cryptographic key to identify a corresponding application program.

7. The device of claim 4, wherein:

said portable electronic device is an IC card.

8. A portable electronic device with a security function,
containing an application program, comprising:

a nonvolatile memory;

means for storing validity data indicating whether the security
function is valid into the nonvolatile memory, wherein the validity data
is received as a command message from the outside of the device;

first means for determining whether a command message provided
from outside the device includes data for the security function;

second means for determining whether the nonvolatile memory is
stored with the validity data; and

first means for writing or rewriting data into the nonvolatile
memory following the command message, when the first determining
means determines the command message does not include the data for
security function, and, wherein the second determining means determines
the nonvolatile memory not to be stored with the validity data.

9. The device of claim 8, further comprising:

first means for outputting a status indicating that the command
message is not acceptable, when the first determining means determines
the command message not to be including the data for security function,
besides, when the second determining means determines the nonvolatile
memory to be stored with the validity data.

10. The device of claim 8, further comprising:

third means for determining whether verification of the data for the
security function succeeds, when the first determining means determines
the command message to be including data for the security function; and

second means for writing or rewriting data into the nonvolatile
memory following the command message, when the third determining
means determines the verification is successful.

11. The device of claim 9, further comprising:

second means for outputting a status indicating that the command
message is not acceptable when the third determining means determines
the verification of the data for the security function is not successful.

12. The device of claim 9 wherein the command message
comprises:

a writing or rewriting command;

data to be written or rewritten into the nonvolatile memory; and

additional data guaranteeing the justifiability of the data based on
verification of the data.

13. The device of claim 9 wherein the command message
comprises:

a writing or rewriting command; and

encoded data to be written or rewritten into the nonvolatile memory
after being decoded, based on verification of the data.

14. The device of claim 9 wherein the command message
comprises:

a writing or rewriting command;

encoded data to be written or rewritten into the nonvolatile memory
after being decoded;

additional data guaranteeing the justifiability of the data; and
wherein:

the verification of the data is performed based on the encoded data
and the additional data.

15. The device of claim 9, wherein the nonvolatile memory stores
a plurality of security programs different from each other depending on a
corresponding application program.

16. The device of claim 13, wherein each security program is
separately validated in response to a prescribed command message for
validation, and wherein each security program corresponds to an
application program.

17. The device of claim 13, wherein at least one available format
of the command message is separately defined, and wherein each format
corresponds to an application program.

ABSTRACT OF THE DISCLOSURE
A portable electronic device with which an owner of the device 
makes use of a specific application program and a method for issuing the 
device. An unissued IC card can be written with the specific data without 
satisfying the security function of the IC card. After the issuance of the 
IC card, the security function becomes valid and each IC card requires 
satisfaction of the security function in case of data writing or data 
rewriting. 